Wireshark-dev: Re: [Wireshark-dev] (New to Wireshark) How does wireshark determine what protoco
Thank you for the response,
We are connecting over port 5494. I believe this has to do with a
SQL server we are using. I will investigate this possibility.
Justin
-----Original Message-----
From: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Stephen Fisher
Sent: October 12, 2007 6:34 PM
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] (New to Wireshark) How does wireshark determine what protocol is being used?
On Fri, Oct 12, 2007 at 05:16:08PM -0400, Justin Seto wrote:
> My company is using the Microsoft C++ standard implementation of TLS,
> i.e. plugging in the module, to handle SSL connections. When I use
> wireshark to capture data, it does not detect the SSL packets.
> However, when I read the raw data in the TCP packet, I can see the TLS
> headers in the first bytes of the data payload. Furthermore, there
> seems to be an exchange of certificates.
>
> When I connect to an SSL enabled site over a web browser I can scope
> TLS packets. I would like to see the same thing appear when I scope
> packets from my program. My first question is: how does wireshark
> determine whether a packet is an SSL packet?
Is your company's program using a standard SSL port? Wireshark detects
SSL on at least ports 636 (ldap over SSL), 993 (imap over SSL), and 995
(pop over SSL). There is a default setting in the HTTP dissector's
preferences to decode port 443 as HTTP over SSL.
Steve
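The thread contrasts port-based detection with the TLS headers visible in the first bytes of the TCP payload. The sketch below is an added example, not part of the original thread and not Wireshark's dissector code: it recognises SSL 3.0/TLS record headers by content alone, whatever the port, and names the plaintext handshake messages such as the certificate exchange. The function names and sample payloads are constructed for illustration, and SSLv2-format hellos are out of scope.

```python
import struct

CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
HANDSHAKE_TYPES = {1: "client_hello", 2: "server_hello", 11: "certificate",
                   12: "server_key_exchange", 14: "server_hello_done",
                   16: "client_key_exchange"}
MAX_RECORD_LEN = 2**14 + 2048  # largest ciphertext fragment in TLS 1.0-1.2

def handshake_messages(body):
    """Names of the plaintext handshake messages packed into one record."""
    names, pos = [], 0
    while pos + 4 <= len(body):
        msg_type = body[pos]
        msg_len = int.from_bytes(body[pos + 1:pos + 4], "big")
        if msg_type not in HANDSHAKE_TYPES or pos + 4 + msg_len > len(body):
            break  # encrypted (e.g. Finished) or split across records
        names.append(HANDSHAKE_TYPES[msg_type])
        pos += 4 + msg_len
    return names

def parse_tls_records(payload):
    """Walk the complete SSL 3.0/TLS records at the start of a TCP payload.
    Returns [(content_type, version, handshake_names)]; [] means not TLS."""
    records, offset = [], 0
    while offset + 5 <= len(payload):
        ctype, major, minor, length = struct.unpack_from("!BBBH", payload, offset)
        if ctype not in CONTENT_TYPES or major != 3 or minor > 4 \
                or length > MAX_RECORD_LEN:
            break  # header fields are not plausible for a TLS record
        body = payload[offset + 5:offset + 5 + length]
        if len(body) < length:
            break  # record continues in a later TCP segment
        names = handshake_messages(body) if ctype == 22 else []
        records.append((CONTENT_TYPES[ctype], f"{major}.{minor}", names))
        offset += 5 + length
    return records

def _record(ctype, body, version=(3, 1)):
    return struct.pack("!BBBH", ctype, *version, len(body)) + body

def _handshake(msg_type, body):
    return bytes([msg_type]) + len(body).to_bytes(3, "big") + body

# Constructed sample payloads (not from a real capture); bodies are zero filler.
CLIENT_FLIGHT = _record(22, _handshake(1, bytes(40)))
SERVER_FLIGHT = _record(22, _handshake(2, bytes(38)) + _handshake(11, bytes(100))
                        + _handshake(14, b""))
NOT_TLS = b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"
```

An empty result on the first data segment of a connection means the payload does not start with a complete TLS record, either because it is another protocol or because the record spans several segments and needs reassembly first.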